From owner-freebsd-stable Thu Sep 6 14:57:25 2001 Delivered-To: freebsd-stable@freebsd.org Received: from lurza.secnetix.de (lurza.secnetix.de [212.66.1.130]) by hub.freebsd.org (Postfix) with ESMTP id 71AAE37B405 for ; Thu, 6 Sep 2001 14:57:21 -0700 (PDT) Received: (from olli@localhost) by lurza.secnetix.de (8.9.3/8.9.3) id XAA77063; Thu, 6 Sep 2001 23:57:20 +0200 (CEST) (envelope-from oliver.fromme@secnetix.de) Date: Thu, 6 Sep 2001 23:57:20 +0200 (CEST) Message-Id: <200109062157.XAA77063@lurza.secnetix.de> From: Oliver Fromme To: freebsd-stable@FreeBSD.ORG Reply-To: freebsd-stable@FreeBSD.ORG Subject: pkg_add doesn't work in jail X-Newsgroups: list.freebsd-stable User-Agent: tin/1.5.4-20000523 ("1959") (UNIX) (FreeBSD/4.1-RELEASE (i386)) MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi, On a 4-stable box, I can't seem to use pkg_add within a jail. # pwd /tmp # ls *.tgz zsh-3.0.8.tar.gz # pkg_add *.tgz can't stat package file '/usr/jail/000/tmp/zsh-3.0.8.tar.gz' I think I've tracked it down to the __getcwd() syscall, which seems to return the absolute path without caring about the jail root. This is bad. In fact, it could be regarded as a security problem, because nothing in userland should be able to actually see the jail root. As a workaround, ``sysctl debug.disablecwd'' seems to work. It disables the syscall, then the getcwd() function in libc traverses the directories back to "/" itself to build the path. pkg_add works fine now. Can someone confirm my above analysis? Should I submit a PR? Unfortunately, I don't have a real fix. I didn't have a closer look at the __getcwd() code, but it seems pretty non-trivial to fix. Regards Oliver -- Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München Any opinions expressed in this message may be personal to the author and may not necessarily reflect the opinions of secnetix in any way. "All that we see or seem is just a dream within a dream" (E. A. Poe) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message